Communication management system, communication management method and communication control device

ABSTRACT

A communication management system includes a terminal which has a peer to peer connection to communicate with a node conducting peer to peer communication, a content detector which, when the terminal receives from the node a content of which distribution should be controlled, detects identification information of the content, and a communication control apparatus which refers to the detected identification information to control transmission of the content of which distribution should be controlled.

TECHNICAL FIELD

The present invention relates to a communication management technique,and particularly to a communication management system, a communicationmanagement method and a communication control apparatus for managingdistribution of contents transmitted via peer to peer (P2P)communication or the like.

BACKGROUND ART

Due to improved Internet infrastructures and the widespread ofcommunication terminals, such as cellular phone terminals, personalcomputers, and VoIP (Voice over Internet Protocol) phone sets, thenumber of Internet users is now exploding. Under such circumstances,security problems such as computer viruses, hacking and spam mails havebecome apparent, requiring appropriate techniques for communicationcontrol. Also, since improved communication environments have enormouslyincreased communication traffic, there are required communicationcontrol apparatuses that enable high-speed processing of a large volumeof data.

[Patent Document 1] Japanese Patent Application Laid-open No. 4-180425.

DISCLOSURE OF THE INVENTION Problem to be Solved by the Invention

In recent years, the number of users of file-sharing networks using P2Pcommunication has been increasing. Such users have rapidly increasedbecause the users can easily obtain desired contents by sharing theircontents among each other. On the other hand, a series of problems, suchas copyright infringement of contents, distribution of illegal contents,and spread of computer viruses targeting file-sharing networks, havebecome apparent and are now regarded as social issues. Accordingly,there is an urgent need to develop appropriate techniques for managingcontent distribution.

The present invention has been made in view of such a situation, and ageneral purpose thereof is to provide a technique for managing contentdistribution appropriately.

Means for Solving the Problem

One aspect of the present invention relates to a communicationmanagement system. The communication management system comprises: aterminal which has a peer to peer connection to communicate with a nodeconducting peer to peer communication; a content detector which, whenthe terminal receives from the node a content of which distributionshould be controlled, detects identification information of the content;and a communication control apparatus which refers to the detectedidentification information to control transmission of the content ofwhich distribution should be controlled.

The identification information of the content may include the file name,file size, or hash value of the content.

The communication control apparatus may comprise: a database whichstores identification information of the content detected by the contentdetector; a search circuit which acquires data of a content and searchesthe database for identification information of the content; and aprocess execution circuit which performs processing for controlling thedistribution of the content in accordance with the search result of thesearch circuit.

The communication management system may further comprise: a contentdatabase which stores identification information of the content of whichdistribution should be controlled, in which the identificationinformation is detected by the content detector; and a database serverwhich refers to the content database to update the database of thecommunication control apparatus.

When, in the peer to peer communication, the node requested to searchfor a content transmits to the request source of the search a responseincluding identification information of a content registered in thedatabase, the process execution circuit may delete the identificationinformation of the content.

When, in the peer to peer communication, the node requested to searchfor a content transmits to the request source of the search a responseincluding identification information of a content registered in thedatabase, the process execution circuit may change the address of a nodedistributing the content to the address of a warning content serverwhich issues a warning that the distribution of the content should berestricted.

When identification information of a content transmitted from the nodeto another apparatus matches identification information registered inthe database in the peer to peer communication, the process executioncircuit may block the transmission of the content.

When identification information of a content transmitted from the nodeto another apparatus matches identification information registered inthe database in the peer to peer communication, the process executioncircuit may replace the content with a warning content for warning thatthe distribution of the content should be restricted.

The communication control apparatus may be configured using FPGA (FieldProgrammable Gate Array) or may be configured with a wired logiccircuit.

Another aspect of the present invention relates to a communicationmanagement method. The communication management method comprises:detecting, when a terminal having a peer to peer connection tocommunicate with a node conducting peer to peer communication receivesfrom the node a content of which distribution should be controlled, theidentification information of the content; and referring to the detectedidentification information to control transmission of the content ofwhich distribution should be controlled.

Yet another aspect of the present invention relates to a communicationcontrol apparatus. The communication control apparatus comprises: adatabase which stores identification information of a content detectedas a content of which distribution should be controlled, among contentstransmitted between nodes through peer to peer communication; a searchcircuit which acquires data of a content and searches the database foridentification information of the content; and a process executioncircuit which performs processing for controlling the distribution ofthe content in accordance with the search result of the search circuit.

Optional combinations of the aforementioned constituting elements, andimplementations of the invention in the form of methods, apparatuses,systems, recording mediums and computer programs may also be practicedas additional modes of the present invention.

ADVANTAGEOUS EFFECTS

The present invention provides a technique for managing contentdistribution appropriately.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram that shows a configuration of a communicationcontrol system according to a base technology.

FIG. 2 is a diagram that shows a configuration of a conventionalcommunication control apparatus.

FIG. 3 is a diagram that shows a configuration of a communicationcontrol apparatus according to the base technology.

FIG. 4 is a diagram that shows a configuration of a packet processingcircuit.

FIG. 5 is a diagram that shows a configuration of a position detectioncircuit.

FIG. 6 is a diagram that shows another example of the position detectioncircuit.

FIG. 7 is a diagram that shows yet another example of the positiondetection circuit.

FIG. 8 is a diagram that shows an example of internal data of a firstdatabase.

FIG. 9 is a diagram that shows another example of internal data of thefirst database.

FIG. 10 is a diagram that shows yet another example of internal data ofthe first database.

FIG. 11 is a diagram that shows another example of the index circuit.

FIG. 12 is a diagram that shows a configuration of a comparison circuitincluded in a binary search circuit.

FIG. 13 is a diagram that shows a configuration of the binary searchcircuit.

FIG. 14 is a diagram that shows still yet another example of internaldata of the first database.

FIG. 15 is a diagram that shows an example of internal data of a seconddatabase.

FIG. 16 is a diagram that shows another example of internal data of thesecond database.

FIG. 17 is a diagram that shows another illustrative configuration ofthe communication control apparatus according to the base technology.

FIG. 18 is a diagram that shows a configuration of a communicationcontrol apparatus comprising multiple communication control apparatuses.

FIG. 19 is a diagram that shows an example of internal data of amanagement table provided in an operation monitoring server.

FIG. 20 is a diagram for describing an operational procedure performedin the event that a communication control apparatus fails.

FIGS. 21A, 21B and 21C are diagrams for describing a procedure forupdating databases in the communication control apparatuses.

FIG. 22 is a diagram that shows a configuration of a communication pathcontrol apparatus provided to process packets with multiplecommunication control apparatuses.

FIG. 23 is a diagram that shows a configuration of a communicationmanagement system according to a first embodiment.

FIG. 24 is a diagram that shows another illustrative configuration ofthe communication management system according to the first embodiment.

FIG. 25 is a diagram that shows a configuration of the packet processingcircuit according to the first embodiment.

FIG. 26 is a diagram that shows a configuration of a communicationmanagement system according to a second embodiment.

FIG. 27 is a sequential diagram that shows a procedure of a method forcontrolling distribution of an inappropriate content.

FIG. 28 is a sequential diagram that shows a procedure of another methodfor controlling distribution of an inappropriate content.

FIG. 29 is a sequential diagram that shows a procedure of yet anothermethod for controlling distribution of an inappropriate content.

FIG. 30 is a diagram that shows an internal configuration of the packetprocessing circuit used to control content distribution.

FIG. 31A is a diagram that shows an example of internal data of a viruslist; FIG. 31B is a diagram that shows an example of internal data of awhitelist; and FIG. 31C is a diagram that shows an example of internaldata of a blacklist.

FIG. 32 is a diagram that shows an example of internal data of a commoncategory list.

FIGS. 33A, 33B, 33C and 33D are diagrams that show examples of internaldata of the second database.

FIG. 34 is a diagram that shows the priorities of the virus list,whitelist, blacklist and common category list.

[Explanation of Reference Numerals]  10 communication control apparatus 20 packet processing circuit  30 search circuit  32 position detectioncircuit  33 comparison circuit  34 index circuit  35 comparison circuit 36 binary search circuit  36A, 36B and 36C comparison circuits  36Zcontrol circuit  40 process execution circuit  50 first database  57user database  60 second database  70 decoder circuit  72 decryption key100 communication control system 110 operation monitoring server 120connection management server 130 message output server 140 logmanagement server 150 database server 161 virus list 162 whitelist 163blacklist 164 common category list 200 communication path controlapparatus 300 communication management system 310 user terminal 320 P2Pnode 322 P2P network 330 ISP 340 node detector 350 P2P node 352 P2P nodedetection network 354 illegal content detection network 356 illegalcontent detector 360 P2P node database 362 illegal content database 364warning content server 390 Internet

BEST MODE FOR CARRYING OUT THE INVENTION

First, as a base technology, a communication control system that has noCPU or OS and performs a packet filtering function using a dedicatedhardware circuit will be described. Thereafter, there will be describedas an embodiment a technique for managing P2P communication using thecommunication control system of the base technology.

(Base Technology)

FIG. 1 shows a configuration of a communication control system accordingto the base technology. A communication control system 100 comprises acommunication control apparatus 10 and various peripheral apparatusesprovided to support the operation of the communication control apparatus10. The communication control apparatus 10 of the base technologyperforms a packet filtering function provided by an Internet serviceprovider or the like. The communication control apparatus 10 provided ona network path acquires a packet transmitted via the network, analyzesthe content, and determines whether or not the packet communicationshould be permitted. If the communication is permitted, thecommunication control apparatus 10 will transmit the packet to thenetwork. If the communication is prohibited, the communication controlapparatus 10 will discard the packet and return a warning message or thelike to the transmission source of the packet if necessary.

The communication control system 100 of the base technology includesmultiple communication control apparatuses 10 a, 10 b, 10 c, etc. andoperates them functioning as one communication control apparatus 10.Hereinafter, each of the communication control apparatuses 10 a, 10 b,10 c, etc. and their collective body will be both referred to as acommunication control apparatus 10 with no distinction.

In the communication control system 100 of the base technology, eachcommunication control apparatus 10 stores the respective shares of atleast part of databases necessary for packet processing; there areprovided as many as the number of communication control apparatuses 10required to share and store such databases, and at least one moreapparatus is provided extra. For example, when the number of pieces ofdata is 300,000 or above but less than 400,000, the number ofcommunication control apparatuses required for operation is four.However, one or more communication control apparatuses 10 should befurther provided as standby units in case any of the communicationcontrol apparatuses 10 in operation fails or in case a database in anyof the communication control apparatuses 10 is updated. Accordingly, atleast five communication control apparatuses 10 are provided in total.Conventionally, the entire system has needed to be duplexed consideringfault tolerance. According to the technique of the base technology, incontrast, a divided unit of the communication control apparatus 10 maybe only provided extra, thereby enabling cost reduction. The operatingstate of the multiple communication control apparatuses 10 a, 10 b, 10c, etc. is managed by an operation monitoring server 110. The operationmonitoring server 110 of the base technology has a management table formanaging the operating state of the communication control apparatuses.

The peripheral apparatuses include the operation monitoring server 110,a connection management server 120, a message output server 130, a logmanagement server 140 and a database server 150. The connectionmanagement server 120 manages connection to the communication controlapparatus 10. When the communication control apparatus 10 processes apacket transmitted from a cellular phone terminal, for example, theconnection management server 120 authenticates the user as a userentitled to enjoy the service of the communication control system 100,based on information included in the packet, which uniquely identifiesthe cellular phone terminal. Once the user is authenticated, packetstransmitted from the IP address, which is temporarily provided for thecellular phone terminal, will be transmitted to the communicationcontrol apparatus 10 and processed therein, without being authenticatedby the connection management server 120 during a certain period. Themessage output server 130 outputs a message to the destination or thesource of packet transmission, according to whether the communicationcontrol apparatus 10 has permitted the packet communication. The logmanagement server 140 manages the operating history of the communicationcontrol apparatus 10. The database server 150 acquires the latestdatabase from an external source and provides the database to thecommunication control apparatus 10. To update the database withouthalting the operation of the communication control apparatus 10, theapparatus may possess a backup database. The operation monitoring server110 monitors the operating state of the communication control apparatus10 and its peripheral apparatuses including the connection managementserver 120, message output server 130, log management server 140 anddatabase server 150. The operation monitoring server 110 has the highestpriority in the communication control system 100 and performssupervisory control of the communication control apparatus 10 and allthe peripheral apparatuses. Although the communication control apparatus10 is configured with a dedicated hardware circuit, as will be describedlater, the operation monitoring server 110 can monitor the operatingstate even while the communication control apparatus 10 is in operation,by inputting to or outputting from the communication control apparatus10 the data for monitoring by means of a boundary-scan circuit based onthe technique described in Japanese Patent No. 3041340 filed by thepresent applicant or other techniques.

In the communication control system 100 of the base technology, as willbe described below, the communication control apparatus 10, configuredwith a dedicated hardware circuit for faster operation, is controlled byusing a group of peripheral servers connected thereto and having variousfunctions. Accordingly, by suitably replacing the software of the groupof servers, a wide variety of functions can be achieved with a similarconfiguration. Thus, the base technology provides such communicationcontrol system having high flexibility.

FIG. 2 shows a configuration of a conventional communication controlapparatus 1. The conventional communication control apparatus 1comprises a communication control unit 2 on the receiving side, a packetprocessing unit 3, and a communication control unit 4 on the sendingside. The communication control units 2 and 4 include PHY processingunits 5 a and 5 b for performing physical layer processing of packets,and MAC processing units 6 a and 6 b for performing MAC layer processingof packets, respectively. The packet processing unit 3 includes protocolprocessing units for performing protocol-specific processing, such as anIP processing unit 7 for performing IP (Internet Protocol) processingand a TCP processing unit 8 for performing TCP (Transport ControlProtocol) processing. The packet processing unit 3 also includes an APprocessing unit 9 for performing application layer processing. The APprocessing unit 9 performs filtering or other processing according todata included in a packet.

The packet processing unit 3 of the conventional communication controlapparatus 1 is implemented by software, using a general-purposeprocessor, or CPU, and an OS running on the CPU. With suchconfiguration, however, the performance of the communication controlapparatus 1 depends on the performance of the CPU, hampering thecreation of a communication control apparatus capable of high-speedprocessing of a large volume of packets. For example, a 64-bit CPU canprocess only up to 64 bits at a time, and hence, there has existed nocommunication control apparatus having a higher performance than this.In addition, since the conventional communication control apparatus ispredicated on the presence of an OS with versatile functionality, thepossibility of security holes cannot be eliminated completely, requiringmaintenance work including OS upgrades.

FIG. 3 shows a configuration of a communication control apparatusaccording to the base technology. A communication control apparatus 10of the base technology comprises a packet processing circuit 20configured with dedicated hardware employing a wired logic circuit,instead of a packet processing unit that is implemented by softwareincluding a CPU and an OS in a conventional communication controlapparatus. By providing a dedicated hardware circuit to processcommunication data, rather than processing it with an OS and softwarerunning on a general-purpose processing circuit such as CPU, theperformance limitations posed by the CPU or OS can be overcome, enablinga communication control apparatus having high throughput.

For example, a case will be considered here in which search is conductedin packet filtering or the like to check if the data in a packetincludes reference data, which serves as criteria for filtering. When aCPU is used to compare the communication data with the reference data,there occurs a problem in that, since only 64-bit data can be comparedat a time, the processing speed cannot be improved beyond such CPUperformance. Since the CPU needs to repeat the process of loading 64bits of communication data into a memory and comparing it with thereference data, the memory load time becomes a bottleneck that limitsthe processing speed.

In the base technology, by contrast, a dedicated hardware circuitconfigured with a wired logic circuit is provided to comparecommunication data with reference data. This circuit includes multiplecomparators arranged in parallel, so as to enable the comparison of datahaving a length greater than 64 bits, such as 1024 bits. By providingdedicated hardware in such manner, bit matching can be simultaneouslyperformed on a large number of bits in parallel. Since 1024-bit data canbe processed at a time, while the conventional communication controlapparatus 1 using a CPU processes only 64 bits, the processing speed canbe improved remarkably. Increasing the number of comparators willimprove the throughput, but also increase the cost and size of theapparatus. Accordingly, an optimal hardware circuit may be designed inaccordance with the desired performance, cost or size.

Since the communication control apparatus 10 of the base technology isconfigured with dedicated hardware employing a wired logic circuit, itdoes not require any OS (Operating System). This can eliminate the needfor the installation, bug fixes, or version upgrades of an OS, therebyreducing the cost and man-hours required for administration andmaintenance. Also, unlike CPUs requiring versatile functionality, thecommunication control apparatus 10 does not include any unnecessaryfunctions or use needless resources, and hence, reduced cost, a smallercircuit area or improved processing speed can be expected. Furthermore,again unlike conventional OS-based communication control apparatuses,the absence of unnecessary functions decreases the possibility ofsecurity holes and thus enhances the tolerance against attacks frommalicious third parties over a network.

The conventional communication control apparatus 1 processes packetsusing software predicated on a CPU and an OS. Therefore, all packet dataneeds to be received before protocol processing is performed, and thenthe data is passed to an application. In contrast, since packetprocessing is performed by a dedicated hardware circuit in thecommunication control apparatus 10 of the base technology, all packetdata need not be received before starting the processing; upon receptionof necessary data, the processing can be started at any given point intime without waiting for the reception of subsequent data. For example,position detection processing in a position detection circuit, whichwill be described later, may be started at the time when positionidentification data for identifying the position of comparison targetdata is received. Thus, various types of processing can be performed inparallel without waiting for the reception of all data, reducing thetime required to process packet data.

FIG. 4 shows an internal configuration of the packet processing circuit.The packet processing circuit 20 comprises: first databases 50A, 50B and50C (hereinafter, they may be collectively referred to as “firstdatabases 50”) for storing reference data, which is referred to whenprocessing to be performed on communication data is determined; a searchcircuit 30 for searching received communication data for the referencedata by comparing the two; a second database 60 for storing a searchresult of the search circuit 30 and a content of processing to beperformed on the communication data, which are related to each other;and a process execution circuit 40 for processing the communication databased on the search result of the search circuit 30 and the conditionsstored in the second database 60.

The search circuit 30 includes: a position detection circuit 32 fordetecting the position of comparison target data, which is to becompared with reference data, in communication data; an index circuit 34which serves as an example of a determination circuit that determineswhich range the comparison target data belongs to among three or moreranges, into which the reference data stored in the first database 50 isdivided; and a binary search circuit 36 for searching the determinedrange for the reference data that matches the comparison target data.The reference data may be searched for the comparison target data usingany search technique, and a binary search method is used in the basetechnology. Since an improved binary search method is employed, as willbe discussed later, three first databases 50 are provided in the basetechnology. The first databases 50A, 50B and 50C store the samereference data.

FIG. 5 shows an internal configuration of the position detectioncircuit. The position detection circuit 32 includes multiple comparisoncircuits 33 a-33 f that compare communication data with positionidentification data for identifying the position of comparison targetdata. While six comparison circuits 33 a-33 f are provided here, thenumber of comparison circuits may be arbitrary, as will be describedlater. To the comparison circuits 33 a-33 f are input pieces ofcommunication data, with each piece shifted from the preceding one by apredetermined data length, such as 1 byte. These multiple comparisoncircuits 33 a-33 f then simultaneously compare the respectivecommunication data with the position identification data to be detectedin parallel.

The base technology will be described by way of example for explainingthe operation of the communication control apparatus 10, in which acharacter string “No. ###” in communication data is detected, the number“###” included in the character string is then compared with referencedata, and if the number matches the reference data, the packet will beallowed to pass, while, if they do not match, the packet will bediscarded.

In the example of FIG. 5, communication data “01No. 361 . . . ” is inputto the comparison circuits 33 a-33 f with a shift of one character each,and position identification data “No.” for identifying the position ofthe number “###” is sought to be detected in the communication data.More specifically, “01N” is input to the comparison circuit 33 a, “1No”to the comparison circuit 33 b, “No.” to the comparison circuit 33 c,“o.” to the comparison circuit 33 d, “. 3” to the comparison circuit 33e, and “36” to the comparison circuit 33 f. Then, the comparisoncircuits 33 a-33 f simultaneously perform comparisons with the positionidentification data “No.”. Consequently, there is found a match with thecomparison circuit 33 c, indicating that the character string “No.”exists at the third character from the top of the communication data.Thus, it is found that the numeral data as comparison target data existssubsequent to the position identification data “No.” detected by theposition detection circuit 32.

When the same processing is performed by a CPU, since the comparisonprocess needs to be serially performed one by one from the top, such ascomparing character strings “01N” and “No.” before comparing “1No” and“No.”, no improvement of detection speed can be expected. In thecommunication control apparatus 10 of the base technology, in contrast,providing the multiple comparison circuits 33 a-33 f in parallel enablessimultaneous parallel comparison processing, which could not have beenperformed with a CPU, improving the processing speed significantly.Providing more comparison circuits will improve the detection speed, asmore characters can be compared simultaneously. In consideration of costor size, a sufficient number of comparison circuits may be provided toachieve a desired detection speed.

Aside from detecting position identification data, the positiondetection circuit 32 may also be used as a circuit for detectingcharacter strings for various purposes. Moreover, the position detectioncircuit 32 may be configured to detect position identification data inunits of bits, not just as a character string.

FIG. 6 shows another example of the position detection circuit. In theexample shown in FIG. 6, when the data length of position identificationdata is shorter than that prepared in each of the comparison circuits 33a-33 f in the position detection circuit 32, predetermined data, such as“00H” or “01H”, is padded posterior to the position identification data.Similarly, with regard to communication data to be compared withposition identification data, a data length identical with that of theposition identification data is extracted from the communication dataand input to a comparison circuit, and the same data as padded after theposition identification data is also padded posterior thereto. In suchcase, the communication data may be copied as work, and the copied datamay be processed to be input to the comparison circuits 33 a-33 f, so asnot to change the original communication data. Thus, the positiondetection circuit 32 can be generally used regardless of the length ofposition identification data.

FIG. 7 shows yet another example of the position detection circuit. Inthe example shown in FIG. 7, predetermined data is padded posterior toposition identification data in the same way as shown in the example ofFIG. 6, and, in addition, such data is regarded as a wild card. That is,when data is input as a wild card into the comparison circuits 33 a-33f, it is determined that the corresponding part of target data to becompared matches the wild-card data whatever the target data is. Thus,the position detection circuit 32 can be generally used regardless ofthe length of position identification data.

FIG. 8 shows an example of internal data of the first database. Thefirst database 50 stores reference data, which is referred to whenprocessing on packets, such as filtering, routing, switching, orreplacement, is determined. The pieces of reference data are sortedaccording to some sort conditions and stored in ascending or descendingorder. In the example of FIG. 8, 1000 pieces of reference data arestored.

The index circuit 34 determines which range comparison target databelongs to among three or more ranges, such as 52 a-52 d, into whichreference data stored in the first database 50 is divided. In theexample of FIG. 8, the 1000 pieces of reference data are divided intofour ranges 52 a-52 d, i.e., 250 pieces each in a range. The indexcircuit 34 includes multiple comparison circuits 35 a-35 c, each ofwhich compares a piece of reference data at the border of the range withthe comparison target data. Since the comparison circuits 35 a-35 csimultaneously compare the pieces of reference data at the borders withthe comparison target data in parallel, which range the comparisontarget data belongs to can be determined by a single operation ofcomparison processing.

The pieces of reference data at the borders to be input to thecomparison circuits 35 a-35 c of the index circuit 34 may be set by anapparatus provided outside the communication control apparatus 10.Alternatively, reference data at predetermined positions in the firstdatabase 50 may be set in advance to be automatically input as such. Inthe latter case, even when the first database 50 is updated, thereference data at the predetermined positions in the first database 50are automatically input to the comparison circuits 35 a-35 c. Therefore,the communication control processing can be performed immediatelywithout initialization or the like.

As mentioned previously, CPU-based binary search cannot make multiplecomparisons at the same time. In the communication control apparatus 10of the base technology, in contrast, providing the multiple comparisoncircuits 35 a-35 c in parallel enables simultaneous parallel comparisonprocessing, with a significant improvement in the search speed.

After the index circuit 34 determines the relevant range, the binarysearch circuit 36 performs search using a binary search method. Thebinary search circuit 36 divides the range determined by the indexcircuit 34 further into 2^(n) and subsequently compares the pieces ofreference data lying at the borders with the comparison target data,thereby determining which range the comparison target data belongs to.The binary search circuit 36 includes multiple comparators forcomparing, bit by bit, reference data with comparison target data. Forexample, in the base technology are provided 1024 comparators to performbit matching on 1024 bits simultaneously. When the range to which thecomparison target data belongs is determined among the 2^(n) splitranges, the determined range is further divided into 2^(n). Then, thepieces of reference data lying at the borders are read out to becompared with the comparison target data. Thereafter, this processing isrepeated to narrow the range further until reference data that matchesthe comparison target data is eventually found.

The operation will now be described in more detail in conjunction withthe foregoing example. Each of the comparison circuits 35 a-35 c of theindex circuit 34 receives “361” as comparison target data. As forreference data, the comparison circuit 35 a receives “378”, which liesat the border of the ranges 52 a and 52 b. Similarly, the comparisoncircuit 35 b receives reference data “704” lying at the border of theranges 52 b and 52 c, and the comparison circuit 35 c receives referencedata “937” lying at the border of the ranges 52 c and 52 d. Thecomparison circuits 35 a-35 c then perform comparisons simultaneously,determining that the comparison target data “361” belongs to the range52 a. Subsequently, the binary search circuit 36 searches the referencedata for the comparison target data “361”.

FIG. 9 shows another example of internal data of the first database. Inthe example shown in FIG. 9, the number of pieces of reference data issmaller than the number of pieces of data storable in the first database50, i.e., 1000 in this case. In such instance, the first database 50stores the pieces of reference data in descending order, starting withthe last data position therein. Then, 0 is stored in the rest of thedata positions. The database is loaded with data not from the top butfrom the bottom of the loading area, and all the vacancies occurring inthe front of the loading area, if any, are replaced with zero.Consequently, the database is fully loaded at any time, so that thesearch time necessary for binary search will be constant. Moreover, ifthe binary search circuit 36 reads reference data “0” during a search,the circuit can identify the range without making a comparison, as thecomparison result is obvious, and can proceed to the next comparison.Consequently, the search speed can be improved.

In CPU-based software processing, the first database 50 stores pieces ofreference data in ascending order, from the first data position therein.In the rest of data positions will be stored a maximum value or thelike, and in such case, the skip of comparison processing as describedabove cannot be made during binary search. The comparison techniquedescribed above can be implemented by configuring the search circuit 30with a dedicated hardware circuit.

FIG. 10 shows yet another example of internal data of the firstdatabase. In the example shown in FIG. 10, the reference data is notevenly divided into three or more ranges, but unevenly divided intoranges that accommodate different numbers of pieces of data, such as 500pieces in the range 52 a and 100 pieces in the range 52 b. These rangesmay be determined depending on the distribution of frequencies withwhich reference data occurs in communication data. Specifically, theranges may be determined so that the sums of the frequencies ofoccurrence of reference data belonging to the respective ranges arealmost the same. Accordingly, the search efficiency can be improved. Thereference data to be input to the comparison circuits 35 a-35 c of theindex circuit 34 may be modifiable from the outside. In such case, theranges can be dynamically set, so that the search efficiency will beoptimized.

FIG. 11 shows another example of the index circuit. In the examples ofFIGS. 8-10, the index circuit 34 uses the three comparison circuits 35a-35 c to determine which range comparison target data belongs to amongthe four ranges of 52 a-52 d in the first database 50. In the exampleshown in FIG. 11, on the other hand, the index circuit 34 is providedwith four comparison circuits 35 d-35 g for determining whether or notcomparison target data is included in each of the four ranges 52 a-52 d.For example, into the comparison circuit 35 d are input the 0th and250th pieces of reference data in the first database 50 and comparisontarget data. Then, each piece of the reference data is compared to thecomparison target data, so as to determine whether or not the referencedata is included in the range 52 a. The comparison results provided bythe comparison circuits 35 d-35 g are input into a determination circuit35 z, which outputs information providing which range the reference datais included in. Each of the comparison circuits 35 d-35 g may output aresult indicating whether the reference data is included between the twoinput pieces of reference data, or may output a result indicating thatthe reference data is greater than the range, the reference data isincluded in the range, or the reference data is smaller than the range.When it is determined that the comparison target data is not included inany of the ranges 52 a-52 d, it can be found that the comparison targetdata does not exist within the first database 50. Accordingly, thesearch can be terminated without performing any further binary search.

FIG. 12 shows a configuration of comparison circuits included in thebinary search circuit. As mentioned previously, the comparison circuitin the binary search circuit 36 includes 1024 comparators, such as 36 a,36 b, . . . . Each of the comparators 36 a, 36 b, etc. receives 1 bit ofreference data 54 and 1 bit of comparison target data 56 to compare thebits in value. The comparison circuits 35 a-35 c of the index circuit 34have similar internal configurations. Since the comparison processing isthus performed by a dedicated hardware circuit, a large number ofcomparison circuits can be operated in parallel to compare a largenumber of bits at a time, thereby speeding up the comparison processing.

FIG. 13 shows a configuration of the binary search circuit. The binarysearch circuit 36 includes comparison circuits 36A, 36B and 36C, each ofwhich includes the 1024 comparators 36 a, 36 b, etc. as shown in FIG.12, and a control circuit 36Z for controlling the comparison circuits.

In a conventional binary search method, a piece of data lying at theone-half position in the search range of a database, in which pieces ofdata are aligned in ascending or descending order, is read out to becompared with comparison target data in the first search. When thepieces of data are aligned in ascending order and if the comparisontarget data is smaller than the read out data, it means that thecomparison target data might exist within the first half of the searchrange. Accordingly, in the second search, the search range is newly setto the first half and a piece of data lying at the one-half position inthe range, i.e. at the one-quarter position in the original searchrange, is read out to be compared with the comparison target data.Conversely, if the comparison target data is greater than the read outdata, it means that the comparison target data might exist within thesecond half of the search range. Accordingly, the new search range isset to the second half and a piece of data lying at the one-halfposition in the range, i.e. at the three-quarter position in theoriginal search range, is read out to be compared with the comparisontarget data in the second search. In this way, the search range isnarrowed by half repeatedly until the target data is reached.

In the base technology, in contrast, three comparison circuits areprovided for binary search, so that when the data at the one-halfposition in the search range is compared with comparison target data forthe first search, the comparison for the second search between thecomparison target data and each of the pieces of data at the one-quarterand three-quarter positions in the search range can be simultaneouslyperformed in parallel. Thus, the first and second searches can beperformed at the same time, thereby reducing the time required to loadthe data from the database. Also, by operating three comparison circuitsin parallel, the number of comparisons can be reduced by half, therebyreducing the search time.

In the example of FIG. 13, three comparison circuits are provided toperform two searches simultaneously. When n searches are to be performedsimultaneously, 2^(n)-1 comparison circuits may be generally provided.The control circuit 36Z inputs each piece of data at the 1/2^(n),2/2^(n), . . . , and (2^(n)-1)/2^(n) positions in the search range intothe 2^(n)-1 comparison circuits respectively, and operates thecomparison circuits simultaneously in parallel to allow them to comparethe respective pieces of data with comparison target data. The controlcircuit 36Z then acquires the comparison results from the comparisoncircuits and determines if the comparison target data is found. If anyof the comparison circuits output a signal indicating that there hasbeen a data match, the control circuit 36Z will determine that thecomparison target data has been found and will terminate the binarysearch. If there is no such signal output, the process will be shiftedto the next search. If the comparison target data exists within thedatabase, the data must lie within a range between points where thecomparison results of the 2^(n)-1 comparison circuits change. In thecase where 15 comparison circuits are provided, for example, if thepiece of data at the 5/16 position is smaller than comparison targetdata and if the piece of data at the 6/16 position is greater than thecomparison target data, the comparison target data should lie within therange between the 5/16 and 6/16 positions. Thus, the control circuit 36Zacquires comparison results from the comparison circuits and sets thenext search range to a range between points where the comparison resultschange. The control circuit 36Z then inputs, into the respectivecomparison circuits, each piece of data at the 1/2^(n), 2/2^(n), . . . ,and (2^(n)-1)/2^(n) positions in the next search range thus set.

There are provided the three first databases 50 in the base technology;the first database 50A is connected to the comparison circuit 36A andsupplies thereto a piece of data at the one-quarter position in thesearch range; the first database 50B is connected to the comparisoncircuit 36B and supplies thereto a piece of data at the two-quarterposition in the search range; and the first database 50C is connected tothe comparison circuit 36C and supplies thereto a piece of data at thethree-quarter position in the search range. Therefore, pieces of datacan be loaded simultaneously into the comparison circuits in parallel,thereby further reducing the time for data loading and enablinghigh-speed binary search.

Providing more comparison circuits will improve the search speed. Inconsideration of cost or size of the system, a sufficient number ofcomparison circuits may be provided to achieve a desired search speed.Also, although it is desirable that first databases as many ascomparison circuits are provided, some comparison circuits may share adatabase in consideration of cost or size of the system.

FIG. 14 shows still yet another example of internal data of the firstdatabase. The first database 50 shown in FIG. 14 stores URLs of contentsto which filtering is applied. The data stored in the first database 50may include predetermined data recognized as a wild card, such as “00H”or “01H”. In the example shown in FIG. 14, “*********” is recognized asa wild card in “http://www.xx.xx/*********”, and, whatever thecomparison target data corresponding thereto is, it is determined in thecomparators 36 a, 36 b, etc. that such data matches the wild card.Accordingly, every character string starting with “http://www.xx.xx/” isdetected by the binary search circuit 36. Consequently, processing suchas applying filtering to all contents within the domain“http://www.xx.xx/” can be easily performed.

FIG. 15 shows an example of internal data of the second database. Thesecond database 60 includes a search result field 62, which contains asearch result of the search circuit 30, and a processing content field64, which contains a processing content to be performed on communicationdata. The database stores the search results and the processing contentsrelated to each other. In the example of FIG. 15, conditions areestablished such that a packet will be allowed to pass if itscommunication data contains reference data; if not, the packet will bediscarded. The process execution circuit 40 searches the second database60 for a processing content based on the search result and performs theprocessing on the communication data. The process execution circuit 40may also be configured with a wired logic circuit.

FIG. 16 shows another example of internal data of the second database.In the example of FIG. 16, the processing content is set for each pieceof reference data. With regard to packet replacement, replacement datamay be stored in the second database 60. As for packet routing orswitching, information on the route may be stored in the second database60. The process execution circuit 40 performs processing, such asfiltering, routing, switching, or replacement, which is specified in thesecond database 60, in accordance with the search result of the searchcircuit 30. When the processing content is set for each piece ofreference data, as shown in FIG. 16, the first database 50 and thesecond database 60 may be merged with each other.

The first database and the second database are configured to berewritable from the outside. By replacing these databases, various typesof data processing and communication control can be achieved using thesame communication control apparatus 10. Also, multistage searchprocessing may be performed by providing two or more databases thatstore reference data to be searched. In such instance, more complicatedconditional branching may be performed by providing two or moredatabases that store search results and processing contents related toeach other. When multiple databases are thus provided to conductmultistage search, a plurality of the position detection circuits 32,the index circuits 34, the binary search circuits 36, etc. may also beprovided.

The data intended for the foregoing comparison may be compressed by thesame compression logic. If both the source data and the target data tobe compared are compressed by the same method, the comparison can beperformed in the same manner as usual, thus reducing the amount of datato be loaded for comparison. The smaller amount of data to be loaded canreduce the time required to read out the data from the memory, therebyreducing the overall processing time. Moreover, the number ofcomparators can be also reduced, which contributes to theminiaturization, weight saving, and cost reduction of the apparatus. Thedata intended for comparison may be stored in a compressed form, or maybe read out from the memory and compressed before comparison.

FIG. 17 shows another illustrative configuration of the communicationcontrol apparatus in the base technology. The communication controlapparatus 10 shown in this diagram has two communication control units12, each of which has the same configuration as the communicationcontrol apparatus 10 shown in FIG. 4. There is also provided a switchcontrol unit 14 for controlling the operation of the individualcommunication control units 12. Each of the communication control units12 has two input/output interfaces 16 and is connected to two networks,upstream and downstream, via the respective input/output interfaces 16.The communication control units 12 receive communication data fromeither one of the networks and output processed data to the other. Theswitch control unit 14 switches the inputs and outputs of theinput/output interfaces 16 provided for the individual communicationcontrol units 12, thereby switching the directions of the flow ofcommunication data in the communication control units 12. This allowscommunication control not only in one direction but also in bothdirections.

The switch control unit 14 may provide control such that: either one ofthe communication control units 12 processes inbound packets and theother processes outbound packets; both the units process inboundpackets; or both the units process outbound packets. Consequently, thedirections of communications to control can be changed depending on, forexample, the traffic status or intended purpose.

The switch control unit 14 may acquire the operating state of therespective communication control units 12 and may switch the directionof communication control according thereto. For example, when one of thecommunication control units 12 is in a standby state and the othercommunication control unit 12 is in operation, the unit on standby maybe activated as a substitute upon detection of the unit in operationstopping due to a failure or other reasons. This can improve the faulttolerance of the communication control apparatus 10. Also when one ofthe communication control units 12 needs maintenance such as a databaseupdate, the other communication control unit 12 may be operated as asubstitute. Thus, appropriate maintenance can be performed withouthalting the operation of the communication control apparatus 10.

The communication control apparatus 10 may be provided with three ormore communication control units 12. The switch control unit 14 may, forexample, acquire the traffic status to control the direction ofcommunications in the respective communication control units 12 so thatmore communication control units 12 are allocated for communicationcontrol processing in a direction handling higher traffic. Thisminimizes a drop in the communication speed, even when the trafficincreases in one direction.

FIG. 18 shows a configuration of a communication control apparatus 10comprising multiple communication control apparatuses 10 a, 10 b, 10 c,etc. Since the first database 50 requires larger capacity in proportionto an increasing number of pieces of data, the database is divided intoportions to be stored by the communication control apparatuses 10 a, 10b, 10 c, etc. As will be discussed later, in the communication controlsystem 100 of the base technology, a communication packet to beprocessed is sent to all the communication control apparatuses 10 a, 10b, 10 c, etc. in operation, and each of the communication controlapparatuses 10 then receives and processes the packet. For example, thecommunication control apparatus 10 a stores data with data IDs“000001”-“100000”, the communication control apparatus 10 b stores datawith data IDs “100001”-“200000”, and the communication control apparatus10 c stores data with data IDs “200001”-“300000”; each of thecommunication control apparatuses refers to the respective data toprocess a packet.

FIG. 19 shows an example of internal data of a management table 111provided in the operation monitoring server 110. The management table111 includes apparatus ID fields 112, operating state fields 113 anddata ID fields 114. The apparatus ID fields 112 contain the apparatusIDs of the communication control apparatuses 10 a, 10 b, etc. Theoperating state fields 113 contain the operating state of thecommunication control apparatuses, and the data ID fields 114 containthe ranges of data IDs handled by the communication control apparatuses.The operating state appears as “operating”, “standby”, “failure”, “dataupdating”, etc. The operating state fields 113 are updated by theoperation monitoring server 110 each time the operating state of thecommunication control apparatuses 10 a, 10 b, etc. changes. In theexample shown in FIG. 19, “465183” pieces of data are stored in thefirst database 50, so that the five communication control apparatuses 10having the apparatus IDs “1”-“5” are in operation while thecommunication control apparatus 10 having the apparatus ID “6” is in astandby state.

The operation monitoring server 110 monitors the operating state ofmultiple communication control apparatuses 10. When detecting any of thecommunication control apparatuses 10 being inoperable because of sometrouble, the operation monitoring server 110 stores, in thecommunication control apparatus 10 on standby, the same data as storedin the inoperable apparatus, and places the standby communicationcontrol apparatus 10 in operation. For example, when the communicationcontrol apparatus 10 with the apparatus ID “2” halts the operationbecause of a failure, as shown in FIG. 20, the communication controlapparatus 10 with the apparatus ID “6”, which has been on standby,stores the data with data IDs “100001-200000” and starts operating.Thus, even if a communication control apparatus 10 stops because of sometrouble, the main operation will be continued properly. Thecommunication control apparatus 10 on standby may store any of the datain advance to be made in a hot standby state, or may be in a coldstandby state.

Next, the procedure for updating databases stored in the communicationcontrol apparatuses 10 will be described. The database server 150acquires the latest database from an external database at a certain timeand retains it therein. In order to reflect, in a communication controlapparatus 10, the latest database retained in the database server 150,the operation monitoring server 110 transfers the data from the databaseserver 150 and stores it in the communication control apparatus 10 at acertain time.

FIGS. 21A, 21B and 21C are diagrams for describing the procedure forupdating databases. As with FIG. 19, FIG. 21A shows that thecommunication control apparatuses 10 with the apparatus IDs “1”-“5” arein operation while the communication control apparatus 10 with theapparatus ID “6” is on standby. At the time when a database is to beupdated, the operation monitoring server 110 identifies thecommunication control apparatus 10 in a standby state then and instructsthe database server 150 to store the data in the communication controlapparatus 10. In the example shown in FIG. 21A, the communicationcontrol apparatus 10 with the apparatus ID “6” is on standby, so thatthe database server 150 stores the data in that apparatus. The operationmonitoring server 110 then changes the operating state field 113 for theapparatus ID “6” to “data updating”.

FIG. 21B shows a state where a database of a communication controlapparatus 10 is being updated. The database server 150 stores, in thefirst database 50 in the communication control apparatus 10 with theapparatus ID “6” on standby, the data handled by one of thecommunication control apparatuses 10 in operation. In the example shownin FIG. 21B, the data with data IDs “000001-100000”, which have beenhandled by the communication control apparatus 10 with the apparatus ID“1”, are stored in the communication control apparatus 10 with theapparatus ID “6”.

FIG. 21C shows a state where the communication control apparatus 10 withthe apparatus ID “6” has had its database updated and is placed inoperation, and the communication control apparatus 10 with the apparatusID “1” is placed into a standby state instead. Upon completion ofstoring data in the communication control apparatus 10 with theapparatus ID “6”, the operation monitoring server 110 starts theoperation of the apparatus, which stores the updated database. Theoperation monitoring server 110 also stops the operation of thecommunication control apparatus 10 with the apparatus ID “1”, whichstores the database before update, to place the apparatus into a standbystate. Thus, the communication control apparatus 10 with an updateddatabase is placed in operation. Then, the data with data IDs“100001-200000” are stored in the communication control apparatus 10with the apparatus ID “1” before the apparatus is placed in operation,and, subsequently, the operation of the communication control apparatus10 with the apparatus ID “2” is stopped. Thereafter, databases aresimilarly updated by turns, so that the databases of all thecommunication control apparatuses 10 can be updated behind the actualoperation, without halting the operation of the communication controlsystem 100.

In this way, data stored in each of the communication controlapparatuses 10 is not fixed in the base technology, and hence, thecommunication control apparatus 10 that stores certain data changes withtime. If, before a packet is sent to each of the communication controlapparatuses 10, the process of determining which communication controlapparatus 10 stores the data of the user is performed, the time for theprocess will be additionally required. Accordingly, in the presentembodiment, a received packet is provided to all the communicationcontrol apparatuses 10, and each of the apparatuses then processes thepacket. In the following, a technique for providing such mechanism willbe described.

FIG. 22 shows a configuration of a communication path control apparatusprovided to process packets with multiple communication controlapparatuses 10. A communication path control apparatus 200 comprises aswitch 210, an optical splitter 220, which is an example of a datasupply unit, and a switch 230. The switch 210 transmits a receivedpacket to the communication control apparatuses 10.

Between the switch 210 and the communication control apparatuses 10,there is provided the optical splitter 220 that provides the packet tothe multiple communication control apparatuses 10 a, 10 b and 10 c inparallel. The switch 210 practically transmits a packet to the opticalsplitter 220, which transmits the packet to each of the communicationcontrol apparatuses in parallel.

If a packet is converted to a broadcast packet so as to be transmittedto the multiple communication control apparatuses 10 a, 10 b and 10 c,additional process such as adding a time stamp to the header will berequired, which reduces the processing speed. Therefore, a packet is notconverted but split by the optical splitter 220 so as to be transmittedas a unicast packet to the multiple communication control apparatuses 10a, 10 b and 10 c. This method will be called “parallelcast” in thepresent specification.

Each of the communication control apparatuses is not set to a mode inwhich an apparatus receives only packets directed to the MAC address ofthe apparatus, but set to promiscuous mode in which an apparatusreceives all packets regardless of the destination MAC addresses. Whenreceiving a packet sent via parallelcast from the optical splitter 220,each of the communication control apparatuses omits MAC address matchingand acquires every packet to process it.

If a packet needs to be returned to the transmission source because, forexample, the communication thereof has been prohibited, thecommunication control apparatus 10 c will transmit a response packet tothe switch 210 bypassing the optical splitter 220. If the communicationcontrol apparatus 10 c processes the packet and the communicationthereof is permitted, the communication control apparatus 10 c willtransmit the packet to a network. Between the communication controlapparatuses 10 and the upstream communication line, there is providedthe switch 230 by which packets transmitted from the multiplecommunication control apparatuses 10 a, 10 b and 10 c are aggregated.The communication control apparatus 10 c will practically transmit thepacket to the switch 230, which transmits the packet to the upstreamcommunication line.

When the switch 230 receives a return packet transmitted from thedestination of packet transmission and if the return packet need not beprocessed by the communication control apparatuses 10, the packet willbe transmitted from the port 232 of the switch 230 to the port 212 ofthe switch 210, and then transmitted therefrom to the transmissionsource. On the Internet, the transmission path is generally recorded inthe packet to ensure the return path through which a response packetsent in return for the packet can be certainly delivered to thetransmission source. In the present embodiment, however, since thereturn path is already provided within the communication path controlapparatus 200, communication can be performed between apparatuseswithout recording the path or processing the packet. Consequently,unnecessary process can be eliminated, thereby improving the processingspeed.

The example in FIG. 22 shows the case where only a packet transmittedfrom a transmission source to a transmission destination is processed,but a return packet transmitted from the transmission destination to thetransmission source is made to pass through without being processed.Alternatively, the communication path control apparatus 200 may beconfigured so that the communication control apparatuses 10 processpackets transmitted in both directions. In such case, the opticalsplitters 220 may be provided on both sides of the communication controlapparatuses 10. Also, the bypass path from the switch 230 to switch 210need not be provided.

In such way, by sending a packet via parallelcast to all thecommunication control apparatuses, the packet can be appropriatelyprocessed by the proper communication control apparatus among themultiple communication control apparatuses, without the need to specify,in advance, a communication control apparatus by which the packet is tobe processed.

Since these communication control apparatuses receive all packets sentvia parallelcast from the communication path control apparatus 200 toprocess or discard them, as stated previously, the apparatuses need notbe provided with IP addresses, which uniquely identify apparatuses onthe Internet. If the packet processing as discussed above is performedby server apparatuses or the likes, it will be necessary to considerattacks to the server apparatuses. However, since the communicationcontrol apparatuses of the present embodiment cannot be directlyattacked by malicious third parties via the Internet, communicationcontrol can be performed securely.

First Embodiment

FIG. 23 shows a configuration of a communication management systemaccording to the first embodiment. A communication management system 300manages P2P communication, such as blocking or subordinatinginappropriate communication between P2P nodes 320, using thecommunication control system 100 having a packet filtering function,etc.

A user terminal 310, such as a personal computer, generally connects toan Internet service provider (hereinafter, described as “ISP”) 330 via apublic telephone network, a cellular phone network, a LAN or a WAN (notillustrated), and connects to the Internet 390 via the ISP 330. The P2Pnodes 320, which execute P2P applications including file-sharingsoftware, have P2P connections between each other, forming a P2P network322. The “P2P node 320” includes an apparatus functioning as a server ora host providing a file search function, etc. in a file-sharingapplication.

In a server-client model, a server stores information while a clientacquires information by connecting to the server via the Internet.Accordingly, when distribution of an illegal content is detected, onlythe server providing the content need be found and stopped. In the P2Pnetwork 322, however, since direct communication is conducted betweenP2P nodes 320, distribution of an illegal content therein is difficultto detect; even such distribution can be detected, again it is difficultto identify the P2P node 320 that provides the illegal content.

Also, in the case where a file is directly sought among P2P nodes 320 byinquiring for the file, without a file search server for file sharingbeing not provided in the P2P network 322, communications will increaseat an accelerated pace along with an increasing number of P2P nodes 320.Accordingly, network congestion may occur, thereby possibly affectinganother user terminal 310 using the ISP 330.

In addition, since a P2P node 320 directly communicates with another P2Pnode 320 in the P2P network 322, the network is vulnerable to attacksfrom malicious P2P nodes 320 and could be a breeding ground forspreading viruses. Consequently, users ignorant of or indifferent tocomputer security use file-sharing applications and get infected withviruses, thereby causing social problems including leakage of importantinformation.

Under such circumstances, appropriate techniques for managing P2Pcommunication have been strongly desired, but it has been difficult toregulate data transmission between P2P nodes 320. The present embodimentproposes a technique for detecting a P2P node 320 and performingappropriate filtering on the communication with the P2P node 320 thusdetected. This technique is expected to solve the aforementionedproblems, so that the social contribution of the present invention maybe considered remarkable.

In the present embodiment, the communication control system 100described in the base technology is provided between the user terminal310 and a P2P node 320 in the P2P network 322, as shown in FIG. 23.Also, there is provided a P2P node detection network 352 for detectingan IP address, etc. of a P2P node 320; the network is used to notify thecommunication control system 100 of identification information includingthe IP address of a P2P node 320 detected by a node detector 340 so asto detect communication with the P2P node 320. The communication controlsystem 100 may be provided at any position in a network, and FIG. 23shows an example in which an ISP 330 possesses the communication controlsystem 100. Since most P2P nodes 320 connect to the Internet 390 via anISP 330, P2P communication can be managed more reliably if each ISP 330employs the communication control system 100.

A P2P node 350 connects to the Internet 390 via a layer 2 switch 344 anda router 342, and executes a P2P application to have a P2P connectionwith a P2P node 320 for communication. The node detector 340 is providedbetween a P2P node 350 and the P2P network 322, and acquires andanalyzes a communication packet transmitted between a P2P node 350 and aP2P node 320 in the P2P network 322 so as to detect identificationinformation including the IP address and the TCP/UDP port number of theP2P node 320. The node detector 340 does not record the party on theother side of communication when the application used there is otherthan a P2P application executed by a P2P node 350, such as one forinquiry to a DNS, and only detects and records the party on the otherside of communication using a P2P application. The node detector 340analyzes a packet transmitted from or to a P2P node 350, but makes thepacket pass through without performing filtering thereon as the detectoris layer 2 transparent. The node detector 340 shown in FIG. 23 may alsobe provided as a router-type apparatus besides such layer 2 transparenttype. In such case, the node detector 340 performs routing as if it werea common router-type apparatus, but also detects and records the partyon the other side of communication using a P2P application. The IPaddress and TCP/UDP port number of a P2P node 320 detected by the nodedetector 340 are registered in a P2P node database 360. The dataregistered in the P2P node database 360 is reflected in the firstdatabase 50 of the communication control apparatus 10 at a certain timeby the database server 150 of the communication control system 100, asdescribed in the base technology.

The communication control apparatus 10 searches the first database 50for the IP address and TCP/UDP port number of the transmission source ortransmission destination of a packet passing through the ISP 330, usingthe index circuit 34 and binary search circuit 36. If the IP address andTCP/UDP port number are registered in the first database 50, it meansthat the packet results from P2P communication with a P2P node 320.Accordingly, the process execution circuit 40 will discard the packet toblock the P2P communication thereof, or will delay the transmission ofthe packet to subordinate it to other communications. If the IP addressand TCP/UDP port number are not registered in the first database 50, onthe other hand, the packet is found to be not from P2P communication, sothat the process execution circuit 40 will transmit the packet to thenetwork without discarding it. Thus, P2P communication can be detectedand restrained.

In the example above, the node detector 340 detects and obtains the IPaddress and TCP/UDP port number of a P2P node 320. If another protocolis used in P2P communication, another identification information of aP2P node 320, with which the P2P communication can be detected, may beobtained depending on the protocol.

When the user terminal 310 newly activates a P2P application andcommunicates with a P2P node 350, the node detector 340 detects the IPaddress and TCP/UDP port number of the P2P node, which are registered inthe P2P node database 360 thereafter. Therefore, if the time intervalsat which the P2P node database 360 is reflected in the communicationcontrol system 100 are shortened, the control of P2P communication witha new P2P node 320 can be started in a short time after the firstcommunication with the P2P node 320.

When P2P communication is once conducted with a P2P node 320 and the P2Pnode 320 is registered in the P2P node database 360, but if there is noP2P communication with the P2P node 320 in a long time thereafter, theP2P node 320 may be deleted from the P2P node database 360. For example,in the case where a user uninstalls a P2P application from a userterminal 310 and uses the port number that has been used incommunications of the P2P application for another communication, thecommunication using the port number will be restrained even if it is notP2P communication because the port number is registered together with anIP address in the P2P node database 360. Accordingly, the dates andtimes when P2P nodes 320 are detected last time may be recorded in theP2P node database 360, and when a P2P node 320 has not been detected fora certain period of time after the date and time of its last detection,the information on the P2P node 320 may be deleted from the P2P nodedatabase 360. If the user terminal 310 restarts P2P communication withthe P2P node, the P2P node will be detected by the node detector 340 andregistered in the P2P node database 360 again, so that P2P communicationwith the node will be blocked or subordinated.

FIG. 24 shows another illustrative configuration of the communicationmanagement system. The communication management system 300 shown in FIG.24 differs from the communication management system 300 of FIG. 23 inthe configuration of the P2P node detection network 352. Morespecifically, the node detector 340 is not provided between the router342 and layer 2 switch 344 but is connected posterior to the layer 2switch 344. In this example, all packets passing through the layer 2switch 344 are copied and transmitted to the node detector 340, usingthe port mirroring function of the layer 2 switch 344. The node detector340 analyzes an acquired packet to obtain identification information ofa P2P node 320, and discards the packet. Other configurations andoperations are the same as those of the communication management system300 shown in FIG. 23.

FIG. 25 shows a configuration of the packet processing circuit 20 of thepresent embodiment. The packet processing circuit 20 comprises a decodercircuit 70 and a decryption key 72 in addition to the configuration ofthe packet processing circuit 20 of the base technology shown in FIG. 4.

In a protocol used for a P2P application, there are often includeddistinctive character strings. When identification information includingthe name of a P2P application is provided in the header of a TCP packet,for example, whether or not the packet is derived from P2P communicationcan be determined by detecting such character strings. Accordingly, inthe present embodiment, a character string unique to P2P communicationincluded in a packet is detected using the position detection circuit 32described in the base technology, so as to determine if it is P2Pcommunication. A packet that includes a character string unique to P2Pcommunication is discarded or subordinated by the process executioncircuit 40, without being subjected to matching with the first database50 performed by the index circuit 34 and binary search circuit 36.Accordingly, P2P communication can be detected efficiently to befiltered.

With some P2P applications, communication data is encrypted before beingtransmitted. The decoder circuit 70 decrypts the communication data ofan acquired packet, using the decryption key 72 for decryptingcommunication data encrypted by a P2P application. When communicationdata is encrypted by a P2P application using common key cryptography,for example, the common key therefor is used as the decryption key 72 todecrypt the communication data thus encrypted. The decoder circuit 70 isprovided as a dedicated hardware circuit configured with a wired logiccircuit having no CPU or OS, as described in the base technology. Thedecryption key 72 may be provided to be rewritable from the outside.Accordingly, the packet processing circuit 20 can respond flexibly tothe case where the decryption key of a P2P application is changed. Also,the packet processing circuit 20 can be commonly used even when adifferent P2P application is executed.

Also in the case above, the position detection circuit 32 detects acharacter string unique to P2P communication in the decryptedcommunication data. If the packet is not derived from P2P communication,decryption process by the decoder circuit 70 leaves a meaningless datastring, so that such character string unique to P2P communication willnot be detected. Therefore, whether or not a packet is derived from P2Pcommunication can be determined by checking if there is included acharacter string unique to P2P communication.

Second Embodiment

FIG. 26 shows a configuration of a communication management systemaccording to the second embodiment. The communication management system300 manages distribution of contents provided by P2P nodes 320.

The communication management system 300 of the present embodimentdiffers from the communication management system 300 of the firstembodiment shown in FIG. 23 in: comprising illegal content detectionnetworks 354 instead of the P2P node detection networks 352; comprisingan illegal content database 362 instead of the P2P node database 360;and further comprising a warning content server 364. The illegal contentdetection network 354 comprises an illegal content detector 356 insteadof the node detector 340 provided in the P2P node detection network 352of the first embodiment shown in FIG. 23. Other configurations andoperations in the communication management system 300 are the same asthose in the first embodiment.

When a P2P node 350 receives from a P2P node 320 a content of whichdistribution should be controlled, the illegal content detector 356detects the identification information of the content and registers itin the illegal content database 362. The illegal content detector 356may have, for example, a virus detection program for detectingvirus-infected contents, so as to detect identification information ofsuch contents. The illegal content detector 356 may also detectidentification information of an image content or a moving image contentwhen the content includes an inappropriate image of which distributionshould be controlled. Thus, the illegal content detector 356 detects notonly identification information of contents of which distribution isillegal, but also identification information of contents of whichdistribution should be controlled, such as a moving image includingviolent scenes or an image offensive to public order and morals. Theillegal content detector 356 may accept the designation of aninappropriate content from an operator who checks contents to detectinappropriate contents, so as to detect the identification informationof such content. The identification information may include the filename, file size, or hash value, such as MD5, of the content. Thedetected identification information is stored in the illegal contentdatabase 362 using a leased line or VPN.

The data registered in the illegal content database 362 is reflected inthe first database 50 of the communication control apparatus 10 at acertain time by the database server 150 of the communication controlsystem 100, as described in the base technology. Since the firstdatabase 50 may be updated each time a new record is added to theillegal content database 362, distribution of viruses or illegalcontents can be controlled promptly.

The communication control apparatus 10 checks if a packet passingthrough the ISP 330 includes inappropriate content data or a request forthe transmission of an inappropriate content, by searching through thefirst database 50 using the index circuit 34 and binary search circuit36. If identification information of a content is registered in thefirst database 50, it means that the content is inappropriate.Accordingly, the process execution circuit 40 will perform processing tocontrol the distribution of the content, such as discarding the packetto block the transmission thereof or changing the destination of therequest of the packet transmission to the warning content server 364. Ifidentification information is not registered in the first database 50,on the other hand, the process execution circuit 40 will transmit thepacket to the network without performing processing of distributioncontrol. Thus, distribution of inappropriate contents can be detectedand controlled appropriately.

In the following, there will be described a specific method forcontrolling distribution of an inappropriate content. FIG. 27 is asequential diagram that shows a procedure of a method for controllingdistribution of an inappropriate content. In a file-sharing protocolused in the P2P network 322, when a node, such as a user terminal 310,issues a search request to find a content (S10), a P2P node 320 that hasreceived the search request will transmit, in response, file summaryinformation 380, 382, which includes the file name, file size and hashvalue of the content extracted through search (S12). If there isincluded not only file summary information 380 that relates to a contentof which distribution is freely allowed, but also file summaryinformation 382 that relates to an inappropriate content of whichdistribution should be controlled, the communication control system 100will detect and delete the file summary information 382 of theinappropriate content (S14). The response packet in which the filesummary information 382 of the inappropriate content has been deleted isthen transmitted to the user terminal 310 (S16). Accordingly, even if aP2P node 320 has an inappropriate content and is capable of distributingit, the user terminal 310 will assume that the P2P node 320 has no suchcontent because the file summary information 382 of the inappropriatecontent has been deleted from the search response. Therefore, the userterminal 310 cannot receive the inappropriate content, and hence,distribution of an inappropriate content can be thus restricted.

FIG. 28 is a sequential diagram that shows a procedure of another methodfor controlling distribution of an inappropriate content. When a userterminal 310 issues a search request to find a content (S30), a P2P node320 that has received the search request will transmit, in response,file summary information 380, 382 of the content extracted throughsearch (S32). If there is included file summary information 382 relatingto an inappropriate content of which distribution should be controlled,the communication control system 100 will detect the file summaryinformation 382, find the IP address of the node distributing the file,i.e. a P2P node 320 in this example, in the file summary information,and change such IP address to the IP address of the warning contentserver 364, which provides a warning content (S34). The communicationcontrol system 100 will then transmit to the user terminal 310 theresponse packet as search response (S36). When the user terminal 310that has received the search response wishes to download a content ofwhich distribution is not restricted, the user terminal 310 requests thedownloading thereof from the P2P node 320 (S38); the P2P node 320 thentransmits the requested content (S40). However, in the case of a contentof which distribution is restricted, since the IP address of thedestination of the request for downloading the content has been changedto the IP address of the warning content server 364, the user terminal310 requests the downloading of the content from the warning contentserver 364 (S42). In response thereto, the warning content server 364transmits to the user terminal 310 a warning content, which warns thatthe requested content is inappropriate and the distribution thereof isrestricted (S44). Accordingly, even if a P2P node 320 has aninappropriate content and is capable of distributing it, the userterminal 310 cannot request the transmission of the content from the P2Pnode 320. Thus, distribution of inappropriate contents can berestricted.

FIG. 29 is a sequential diagram that shows a procedure of yet anothermethod for controlling distribution of an inappropriate content. A userterminal 310 requests downloading of contents from a P2P node 320 (S50),and the P2P node 320 transmits the contents thus requested to the userterminal 310 (S52); if there are included not only a content 386 ofwhich distribution is freely allowed, but also an inappropriate content388 of which distribution should be controlled, the communicationcontrol system 100 will replace the inappropriate content 388 with awarning content 389 for warning that the requested content isinappropriate and the distribution thereof is restricted (S54). Thecommunication control system 100 will then transmit the contents to theuser terminal 310 (S56).

FIG. 30 shows an internal configuration of the packet processing circuit20 in the communication control apparatus 10 of the present embodiment.The packet processing circuit 20 comprises, as the first database 50, auser database 57, a virus list 161, a whitelist 162, a blacklist 163 anda common category list 164. The user—database 57 stores information onusers who use the communication control apparatus 10. The communicationcontrol apparatus 10 receives, from a user, information for identifyingthe user, and performs matching between the information received by thesearch circuit 30 therein and the user database 57 to authenticate theuser. After the user is authenticated as a user registered in the userdatabase 57, identification information of a content is checked againstthe virus list 161, whitelist 162, blacklist 163 and common categorylist 164, in order to determine whether or not the access to the contentshould be permitted.

The whitelist 162 and blacklist 163 are provided for each user, and whena user ID is uniquely specified after the user authentication, thewhitelist 162 and blacklist 163 for the user are provided to the searchcircuit 30.

The virus list 161 contains a list of identification information ofcontents containing computer viruses. If identification information of acontent is included in the virus list 161, the distribution of thecontent will be blocked. Accordingly, even when a user is about todownload a virus unconsciously, the access can be appropriatelyprohibited, thereby protecting users from viruses.

The whitelist 162 is provided for each user and contains a list ofidentification information of contents of which distribution ispermitted. The blacklist 163 is also provided for each user but containsa list of identification information of contents of which distributionis prohibited. FIG. 31A shows an example of internal data of the viruslist 161. Similarly, FIG. 31B shows an example of internal data of thewhitelist 162, and FIG. 31C shows that of the blacklist 163. Each of thevirus list 161, whitelist 162 and blacklist 163 contains a categorynumber field 165, a file name field 166, a size field 167, and a hashvalue field 170.

The common category list 164 contains a list classifying contents intomultiple categories, with which distribution of contents is controlled.FIG. 32 shows an example of internal data of the common category list164. The common category list 164 also contains the category numberfield 165, file name field 166, size field 167 and hash value field 170.

The communication control apparatus 10 extracts file summary informationtransmitted in a file-sharing protocol or identification informationfrom a content using the position detection circuit 32, and searches thevirus list 161, whitelist 162, blacklist 163 and common category list164 for the identification information using the index circuit 34 andbinary search circuit 36.

FIGS. 33A, 33B, 33C and 33D show examples of internal data of the seconddatabase 60 used to control content distribution. FIG. 33A shows thesearch result and processing content with respect to the virus list 161.If identification information of a content matches identificationinformation included in the virus list 161, the distribution of thecontent will be prohibited. FIG. 33B shows the search result andprocessing content with respect to the whitelist 162. If identificationinformation of a content matches identification information included inthe whitelist 162, the distribution of the content will be permitted.FIG. 33C shows the search result and processing content with respect tothe blacklist 163. If identification information of a content matchesidentification information included in the blacklist 163, thedistribution of the content will be prohibited.

FIG. 33D shows the search results and processing contents with respectto the common category list 164. As shown in FIG. 33D, a user candetermine, with respect to each category, the permission or prohibitionof the access to contents belonging to the category, in relation to theresult of search through the common category list 164. The seconddatabase 60 for the common category list 164 contains a user ID field168 and a category field 169. The user ID field 168 contains an ID foridentifying a user. The category field 169 contains information thatindicates the permission or prohibition of the access to contentsbelonging to the respective categories, which is determined by a userfor each of 57 categories classified. If identification information of acontent matches identification information included in the commoncategory list 164, the permission for the access to the content will bedetermined according to the category that the content belongs to and theuser ID. Although the number of common categories is 57 in FIG. 33D, itis not limited thereto.

FIG. 34 shows the priorities of the virus list 161, whitelist 162,blacklist 163 and common category list 164. In the present embodiment,the virus list 161, whitelist 162, blacklist 163 and common categorylist 164 have higher priorities in this order. For example, even thoughidentification information of a content appears in the whitelist 162 andthe access thereto is permitted therein, the access will be prohibitedif the identification information also appears in the virus list 161, asit is determined that the content contains a computer virus.

When conventional software-based matching is performed in considerationof such priorities, the matching is performed on the lists, for example,in descending order of priority and the first match is employed.Alternatively, the matching is performed on the lists in ascending orderof priority, and the latest match is employed to replace the precedingmatch. In the present embodiment using the communication controlapparatus 10 configured with a dedicated hardware circuit, in contrast,there are provided a search circuit 30 a for performing matching withrespect to the virus list 161, a search circuit 30 b for performingmatching with respect to the whitelist 162, a search circuit 30 c forperforming matching with respect to the blacklist 163, and a searchcircuit 30 d for performing matching with respect to the common categorylist 164; these search circuits 30 perform matching simultaneously inparallel. When matches are found in multiple lists, the one with thehighest priority is employed. Thus, even when multiple databases areprovided and the priorities thereof are defined, the search time can bereduced remarkably.

The priorities of the virus list 161, whitelist 162, blacklist 163 andcommon category list 164, with which the permission of access isdetermined, may be defined in the second database 60, for example. Theconditions in the second database 60 may be modified depending on thepriorities of the lists.

Therefore, when controlling content distribution using multipledatabases, by defining priorities of the databases to perform processingaccording thereto, and also by providing the highest priority to thefiltering with the virus list 161, distribution of a content including avirus can be certainly prohibited, irrespective of the conditions in thewhitelist 162 or the like defined by the user. This can appropriatelyprotect users from viruses or the likes.

If a packet includes a content of which distribution is not controlled,the process execution circuit 40 will transmit the packet to a networkwithout processing it. In the case of a content of which distributionshould be restricted, the process execution circuit 40 will performprocessing as stated above. For example, if the distribution controlshown in FIG. 27 is performed, the process execution circuit 40 willdelete the file summary information of the content detected by thesearch circuit 30 from the packet before transmitting the packet to thenetwork. If the distribution control shown in FIG. 28 is performed, theprocess execution circuit 40 will find the IP address of the nodedistributing the file in the file summary information of the contentdetected by the search circuit 30 and change such IP address to the IPaddress of the warning content server 364 stored in the second database60, etc. in advance, before transmitting the packet to the network. Ifthe distribution control shown in FIG. 29 is performed, the processexecution circuit 40 will replace the content detected by the searchcircuit 30 with a warning content stored in the second database 60, etc.before transmitting the packet to the network. The warning content maybe provided from the warning content server 364 to the communicationcontrol apparatus 10.

With the configuration and operation as described above, access to aninappropriate content can be prohibited. Also, since the search circuit30 is a dedicated hardware circuit configured with FPGA, etc.,high-speed search processing can be achieved, as discussed previously,and distribution control can be performed with minimal effect on thetraffic. By providing such filtering service, an ISP 330 can provideadded value, thus gaining more users.

The whitelist 162 or blacklist 163 may be mutually provided for allusers. Also, the control of content distribution described above may beapplied to all packets without performing user authentication. In suchcase, the user database 57 need not be provided.

The present invention has been described with reference to theembodiment. The embodiment is intended to be illustrative only and itwill be obvious to those skilled in the art that various modificationsto constituting elements or processes could be developed and that suchmodifications are also within the scope of the present invention.

INDUSTRIAL APPLICABILITY

The present invention is applicable to a communication management systemthat manages distribution of contents.

1. A communication management system, comprising: a terminal which has a peer to peer connection to communicate with a node conducting peer to peer communication; a content detector which detects identification information of a content of which distribution should be controlled, among contents that the terminal has received from the node, and registers the identification information in a content database; a communication control apparatus which refers to a database storing the detected identification information to control transmission of the content of which distribution should be controlled; and a database server which refers to the content database to update the database of the communication control apparatus, the content detector including: an acquiring part which acquires a content that the terminal has received from the node; a first detector which determines if an acquired content is a virus-infected content and detects the identification information of a virus-infected content; a second detector which accepts the designation of an inappropriate content from an operator who checks acquired contents to detect inappropriate contents, and detects the identification information of the content; and a register which registers detected identification information in the content database, the communication control apparatus including: the database; a search circuit which acquires data of a content and searches the database for the identification information of the content; and a process execution circuit which performs processing for controlling the distribution of the content in accordance with the search result of the search circuit, wherein, when in the peer to peer communication the node requested to search for a content transmits, to the request source of the search, a response including identification information of a content registered in the database, the process execution circuit changes the address of a node distributing the content to the address of a warning content server which issues a warning that the distribution of the content should be restricted.
 2. The communication management system of claim 1, wherein the identification information of the content includes a file name, a file size, or a hash value of the content.
 3. The communication management system of claim 1, wherein the communication control apparatus is configured with a wired logic circuit.
 4. A communication management system comprising: a terminal which has a peer to peer connection to communicate with a node conducting peer to peer communication; a content detector which detects identification information of a content of which distribution should be controlled, among contents that the terminal has received from the node, and registers the identification information in a content database; a communication control apparatus which refers to a database storing the identification information of the content detected by the content detector, so as to control the transmission of the content of which distribution should be controlled; and a database server which refers to the content database to update the database of the communication control apparatus, the content detector including: means for acquiring a content that the terminal has received from the node; means for determining if an acquired content is a virus-infected content and detecting identification information of a virus-infected content; means for accepting the designation of an inappropriate content from an operator who checks acquired contents to detect inappropriate contents, and detecting the identification information of the content; and means for registering the detected identification information in the content database, the communication control apparatus including: the database; a search circuit which acquires data of a content and searches the database for the identification information of the content; and a process execution circuit which performs processing for controlling the distribution of the content in accordance with the search result of the search circuit, wherein, when identification information of a content transmitted from the node to another apparatus matches identification information registered in the database in the peer to peer communication, the process execution circuit replaces the content with a warning content for warning that the distribution of the content should be restricted.
 5. The communication management system of claim 4, wherein the identification information of the content includes a file name, a file size, or a hash value of the content. 6.-8. (canceled)
 9. The communication management system of claim 4, wherein the communication control apparatus is configured with a wired logic circuit.
 10. A communication management method, comprising: a content detector's acquiring a content that a terminal has received from a node conducting peer to peer communication, the terminal having a peer to peer connection to communicate with the node; a content detector's determining if an acquired content is a virus-infected content and detecting identification information of a virus-infected content; a content detector's accepting the designation of an inappropriate content from an operator who checks acquired contents to detect inappropriate contents, and detecting the identification information of the content; a content detector's registering detected identification information in a content database; a database server's referring to the content database to update a database of a communication control apparatus controlling the distribution of a content; a search circuit's acquiring data of a content and searching the database for the identification information of the content, the search circuit being provided in the communication control apparatus; and when in the peer to peer communication the node requested to search for a content transmits, to the request source of the search, a response including identification information of a content registered in the database, a process execution circuit's changing the address of a node distributing the content to the address of a warning content server which issues a warning that the distribution of the content should be restricted, the process execution circuit being provided in the communication control apparatus.
 11. A communication control apparatus, comprising: a database which stores identification information of a content detected as a content of which distribution should be controlled, among contents transmitted between nodes through peer to peer communication; a search circuit which acquires data of a content and searches the database for identification information of the content; and a process execution circuit which performs processing for controlling the distribution of the content in accordance with the search result of the search circuit, wherein, when in the peer to peer communication the node requested to search for a content transmits, to the request source of the search, a response including identification information of a content registered in the database, the process execution circuit changes the address of a node distributing the content to the address of a warning content server which issues a warning that the distribution of the content should be restricted. 12.-20. (canceled)
 21. A communication management method comprising: a content detector's acquiring a content that a terminal has received from a node conducting peer to, peer communication, the terminal having a peer to peer connection to communicate with the node; a content detector's determining if an acquired content is a virus-infected content and detecting identification information of a virus-infected content; a content detector's accepting the designation of an inappropriate content from an operator who checks acquired contents to detect inappropriate contents, and detecting the identification information of the content; a content detector's registering detected identification information in a content database; a database server's referring to the content database to update a database of a communication control apparatus controlling the distribution of a content; a search circuit's acquiring data of a content and searching the database for the identification information of the content, the search circuit being provided in the communication control apparatus; and when identification information of a content transmitted from the node to another apparatus matches identification information registered in the database in the peer to peer communication, the communication control apparatus's replacing the content with a warning content for warning that the distribution of the content should be restricted.
 22. A communication control apparatus comprising: a database which stores identification information of a content detected as a content of which distribution should be controlled, among contents transmitted between nodes through peer to peer communication; a search circuit which acquires data of a content and searches the database for the identification information of the content; and a process execution circuit which performs processing for controlling the distribution of the content in accordance with the search result of the search circuit, wherein, when identification information of a content transmitted from the node to another apparatus matches identification information registered in the database in the peer to peer communication, the process execution circuit replaces the content with a warning content for warning that the distribution of the content should be restricted. 